The app installed a root certificate on your phone, along with a VPN profile, in order to block advertising within apps like Facebook, Yahoo and Google by proxying all traffic through a service — tempting, but dangerous.

The problem is that Been needed to capture all your internet traffic, decrypt it, remove the ads, then send it back to you, which is somewhat horrifying. That means that, if Been wanted to, it could technically view your passwords or access tokens in plain text.

Of course, Been promises it’ll never do that, saying that it only inspects the headers of your decrypted traffic to determine if it’s an advertisement, but the fact that it’s decrypted at all in transit is a huge problem.

To block advertising — you know, the thing that pays for many services you use — people are willing to hand over the keys to literally everything, but I’m not sure they understand the true impact of what that means.

A common type of attack used to steal data like logins and access keys is called a man-in-the-middle (MITM) attack, and by using one of these apps you’re basically doing it to yourself willingly… just to avoid seeing a few annoying ads.

Apple, which initially approved Been, decided to remove it, citing that it requires “end to end encryption” — hopefully that means similar mechanisms won’t be approved in the future.